We all know, that md5 has its weaknesses. But, as always, exploiting such weaknesses in practice is not a piece of cake.
I was in the situation where I wanted to reverse a bunch of md5 hashes (don't we all find ourselves in this situation sometimes?). I had no further information on the hashes and expected them to be quite long, so the only feasible approach that came to my mind were huge databases (possibly using rainbow tables to save storage).
There is a cpan module called
Digest::MD5::Reverse
that promises to query some md5 hash database online to get a string that maps to a given hash. I will not create a link to its cpan page because it doesn't work at all. Besides: all of the databases that are mentioned in the documentation are down or the domain is sold. So I hacked together a small python script doing exactly what this perl module should do.
You can find it on github: https://github.com/larsborn/RevMd5.
I tried to make it easily extendable, so if you find another database and add it to the script, feel free to send me a pull request. You basically have to add an entry to the list of databases. Every such list entry can (or should) have the following entries:
* name
The name of the database, this is just candy.
* url
The url that should be requested to get the reversed hash.
* method
get and post are implemented up to this point.
* fieldname
the name of the request variable which carries the hash.
* extrafields
other payload to request the page. You can also use a function for every field. Every such function will be called once during one run of the script.
* matcher
A compiled regular expression object that matches the reversed hash on the result page.
* pre
A function that is called on the hash before the request (to make it uppercase for example).
* post
A function that is called after the reversed hash was retrieved (to base64 decode it for example).